IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [persona]

7 questions
45
votes
5 answers

What are the downsides of BrowserID/Persona compared to OpenID/OAuth/Facebook?

Mozilla went live with a new service called BrowserID/Persona (announcement, background). It is intended to replace current single-sign-on solutions such as OpenID, OAuth and Facebook. One advantage is that a future integration into the browsers…
Hendrik Brummermann
  • 27,118
  • 6
  • 79
  • 121
21
votes
3 answers

What are the main advantages and disadvantages of webid compared to browserid?

What are the main advantages and disadvantages of webid compared to browserid? This question is inspired by this answer which got a number of upvotes despite being very vague on the topic of that question. Webid is basically a fancy name for SSL…
Hendrik Brummermann
  • 27,118
  • 6
  • 79
  • 121
10
votes
3 answers

Should I ask a user to re-authenticate if the browser thumbprint changes? Is a server side library available?

Is there a security benefit to using the browser's thumbprint in addition to a session identifier to identify a unique session? Would it then be advisable to ask the user to reauthenticate (or simply refresh the session token) if the thumbprint…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
2
votes
1 answer

How to protect personal data requested by Certificate Authorities from data theft?

I recently uploaded images of my passport and driver's license to a Certificate Authority (CA) to apply for SSL certificates. The submission was rejected because I have added watermarks to prevent data theft. I explained to the Cert Master that the…
Question Overflow
  • 5,220
  • 6
  • 27
  • 48
1
vote
0 answers

How to protect the control environment of my web application?

I am developing a web application and want to do its setup and control using my personal notebook. However, the following topics concern me: 1) Enter the platform (includes the login in the control panel of my application) that hosts my site. * This…
Joao
  • 19
  • 1
1
vote
0 answers

Persona combined with stateless token authentication

My REST-Backend is using Mozilla Persona to authenticate users. Normally you would just use cookies to authenticate any further requests but I want to use token based authentication (out of personal dislike for cookies and as an academic…
5-to-9
  • 133
  • 3
0
votes
2 answers

Where are the private keys stored in Persona/Browser ID?

I'm trying to understand where the private keys are stored in the Persona system, and how they are protected. Can anyone elaborate on where the crypto material is created, stored, and what is transferred?
makerofthings7
  • 50,090
  • 54
  • 250
  • 536